CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Metasploit Modules Related To GNU

CVE-2014-4877  GNU Wget FTP Symlink Arbitrary Filesystem Access
This module exploits a vulnerability in Wget when used in recursive (-r) mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option. Tested successfully with wget 1.14. Versions prior to 1.16 are presumed vulnerable.
Module type : auxiliary Rank : normal
CVE-2014-6271  Advantech Switch Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, acessible through the Boa web server on Advantech switches. This module was tested against firmware version 1322_D1.98.
Module type : exploit Rank : excellent Platforms : Unix
CVE-2014-6271  IPFire Bash Environment Variable Injection (Shellshock)
IPFire, a free linux based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request headers.
Module type : exploit Rank : excellent Platforms : Linux,Unix
CVE-2014-6271  Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the Pure-FTPd FTP server when it has been compiled with the --with-extauth flag and an external Bash script is used for authentication. If the server is not set up this way, the exploit will fail, even if the version of Bash in use is vulnerable.
Module type : exploit Rank : excellent
CVE-2014-6271  Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
Module type : exploit Rank : excellent
CVE-2014-6271  CUPS Filter Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables. A valid username and password is required to exploit this vulnerability through CUPS.
Module type : exploit Rank : excellent Platforms : Unix
CVE-2014-6271  OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the VMWare Fusion application, allowing an unprivileged local user to get root access.
Module type : exploit Rank : normal Platforms : OSX
CVE-2014-6271  Dhclient Bash Environment Variable Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment variables, resulting in code execution. Due to length restrictions and the unusual networking scenario at the time of exploitation, this module achieves code execution by writing the payload into /etc/crontab and then cleaning it up after a session is created.
Module type : exploit Rank : excellent Platforms : Unix
CVE-2014-6271  Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.
Module type : auxiliary Rank : normal
CVE-2014-6271  DHCP Client Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment variables, resulting in code execution.
Module type : auxiliary Rank : normal
CVE-2014-6278  Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.
Module type : exploit Rank : excellent
CVE-2014-6278  CUPS Filter Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables. A valid username and password is required to exploit this vulnerability through CUPS.
Module type : exploit Rank : excellent Platforms : Unix
CVE-2014-6278  Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.
Module type : auxiliary Rank : normal
CVE-2015-235  Exim GHOST (glibc gethostbyname) Buffer Overflow
This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems that run the Exim mail server.
Module type : exploit Rank : great Platforms : Unix
CVE-2015-235  WordPress XMLRPC GHOST Vulnerability Scanner
This module can be used to determine hosts vulnerable to the GHOST vulnerability via a call to the WordPress XMLRPC interface. If the target is vulnerable, the system will segfault and return a server error. On patched systems, a normal XMLRPC error is returned.
Module type : auxiliary Rank : normal

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit metasploit web site for more details
Total number of modules found = 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.